US Marshals hit with major ransomware attack, compromising employee info

March 1, 2023

A major ransomware attack compromised a host of sensitive information held by the US Marshals Service, including details about potential targets of investigations and employees of the federal law enforcement agency.

The cyberattack was discovered in “a stand-alone USMS system” on Feb. 17 and prompted a forensic investigation by the Department of Justice, said Drew Wade, a spokesperson for the Marshals Service.

On Feb. 22, officials from the Marshals Service briefed investigators from the DOJ, who determined the breach was a “major incident” that affected an array of sensitive law enforcement information.

“The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees,” Wade said in the statement.

Investigators were working to determine if information compromised in the attack was posted online, according to a Feb. 27 email from US Marshals Director Ronald Davis reviewed by The Post.

“At this time, DOJ has not identified the exfiltrated data as being available on the internet,” the email states.

A ransomware attack on the US Marshals Service compromised sensitive information.

“The analysis of the impact of the event is ongoing, and at present it is unknown to what extent personally identifiable information related to certain USMS employees was compromised,” the email adds.

In response to the attack, the Administrative Office of US Courts has contacted the Justice Department to understand whether the ransomware will affect employees of federal courts, according to an email reviewed by The Post.

“We are in communication with the USMS and the Department of Justice to understand the potential impact that this breach may have on judiciary operations and personnel,” the email from the court office states.

The information compromised include details about potential investigation targets and employee data. — The information compromised includes details about potential investigation targets and employee data.

“In addition, local US marshals have been in contact with chief district judges regarding this event. We have been advised at this time that the breach has not involved personal information for judiciary personnel,” it adds.

The court office will reset passwords for certain Marshals in PACER, an electronic database of federal court records, according to the email.

“This will reduce the risk of USMS personnel that may have reused their passwords on the impacted system and PACER,” the email states.